Use versioned Azure login action (#353)

* Use versioned Azure login action
* Pin github actions to git tags
Malte Poll 2022-10-21 16:23:29 +02:00 committed by GitHub
parent 252a7226a9
commit 2bf2cc6391
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -23,7 +23,7 @@ jobs:
disk-mapper-sha256: ${{ steps.collect-hashes.outputs.disk-mapper-sha256 }} disk-mapper-sha256: ${{ steps.collect-hashes.outputs.disk-mapper-sha256 }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707 uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 # tag=v2.5.0
- name: Build bootstrapper - name: Build bootstrapper
if: ${{ inputs.debug == false }} if: ${{ inputs.debug == false }}
@ -43,7 +43,7 @@ jobs:
outputPath: ${{ github.workspace }}/build/disk-mapper outputPath: ${{ github.workspace }}/build/disk-mapper
- name: Upload dependencies - name: Upload dependencies
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0
with: with:
name: dependencies name: dependencies
path: | path: |
@ -101,10 +101,10 @@ jobs:
csp: [aws, azure, gcp, qemu] csp: [aws, azure, gcp, qemu]
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707 uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 # tag=v2.5.0
- name: Download build dependencies - name: Download build dependencies
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
with: with:
name: dependencies name: dependencies
path: ${{ github.workspace }}/build path: ${{ github.workspace }}/build
@ -155,7 +155,7 @@ jobs:
continue-on-error: true continue-on-error: true
- name: Upload raw OS image as artifact - name: Upload raw OS image as artifact
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0
with: with:
name: image-${{ matrix.csp }} name: image-${{ matrix.csp }}
path: ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36/image.raw path: ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36/image.raw
@ -163,7 +163,7 @@ jobs:
continue-on-error: true continue-on-error: true
- name: Upload individual OS parts as artifacts - name: Upload individual OS parts as artifacts
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0
with: with:
name: parts-${{ matrix.csp }} name: parts-${{ matrix.csp }}
path: | path: |
@ -178,7 +178,7 @@ jobs:
continue-on-error: true continue-on-error: true
- name: Upload manifest as artifact - name: Upload manifest as artifact
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0
with: with:
name: manifest-${{ matrix.csp }} name: manifest-${{ matrix.csp }}
path: | path: |
@ -203,10 +203,10 @@ jobs:
upload-variant: TrustedLaunch upload-variant: TrustedLaunch
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707 uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 # tag=v2.5.0
- name: Download OS image artifact - name: Download OS image artifact
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
with: with:
name: image-${{ matrix.csp }} name: image-${{ matrix.csp }}
path: ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36 path: ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~36
@ -223,17 +223,16 @@ jobs:
echo "::endgroup::" echo "::endgroup::"
- name: Login to AWS - name: Login to AWS
uses: aws-actions/configure-aws-credentials@a12c5029930fcd33589131d496622beb4e256718 uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 # tag=v1.7.0
if: ${{ matrix.csp == 'aws' || matrix.csp == 'azure' }} if: ${{ matrix.csp == 'aws' || matrix.csp == 'azure' }}
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GitHubConstellationImagePipeline role-to-assume: arn:aws:iam::795746500882:role/GitHubConstellationImagePipeline
aws-region: eu-central-1 aws-region: eu-central-1
- name: Login to Azure - name: Login to Azure
uses: azure/login@642a43caaacadeef67ecede5930b25d56e8277af uses: ./.github/actions/azure_login
if: ${{ matrix.csp == 'azure' }}
with: with:
creds: ${{ secrets.AZURE_CREDENTIALS }} azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
- name: Login to GCP - name: Login to GCP
uses: ./.github/actions/gcp_login uses: ./.github/actions/gcp_login
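Review bot: The `Login to Azure` step appears to lose its `if: ${{ matrix.csp == 'azure' }}` guard in this hunk (the line is printed on one side only and the hunk header shrinks from 17 to 16 lines), so unless the composite action gates itself, `secrets.AZURE_CREDENTIALS` would be handed to the login step for every `csp` this job runs rather than only Azure. Keeping `if: ${{ matrix.csp == 'azure' }}` on the step limits the credential to the one matrix entry that needs it, in line with how the AWS login step is gated. The `azure/login` reference also moves out of this file into `./.github/actions/azure_login`, which is not visible here; that composite action should carry the same commit-SHA pin with a `# tag=` comment as the other `uses:` lines, otherwise the pin this workflow had is lost. The job's step list starts and continues outside the hunk.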
@ -381,10 +380,10 @@ jobs:
csp: [aws, azure, gcp, qemu] csp: [aws, azure, gcp, qemu]
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707 uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 # tag=v2.5.0
- name: Download OS image artifact - name: Download OS image artifact
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
with: with:
name: image-${{ matrix.csp }} name: image-${{ matrix.csp }}
@ -408,7 +407,7 @@ jobs:
working-directory: ${{ github.workspace }}/image/measured-boot working-directory: ${{ github.workspace }}/image/measured-boot
- name: Upload expected PCRs as artifact - name: Upload expected PCRs as artifact
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0
with: with:
name: pcrs name: pcrs
path: pcrs-${{ matrix.csp }}.json path: pcrs-${{ matrix.csp }}.json
@ -426,7 +425,7 @@ jobs:
echo "::endgroup::" echo "::endgroup::"
- name: Download rootfs - name: Download rootfs
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
with: with:
# downloading / using only the QEMU rootfs is fine # downloading / using only the QEMU rootfs is fine
# since the images only differ in the ESP partition # since the images only differ in the ESP partition
@ -438,19 +437,19 @@ jobs:
unsquashfs -user-xattrs -d image.root.tree image.root.raw unsquashfs -user-xattrs -d image.root.tree image.root.raw
echo "::endgroup::" echo "::endgroup::"
- uses: anchore/sbom-action@2424de21c44622889b4c7cf9098c0e57648c58bf - uses: anchore/sbom-action@b5042e9d19d8b32849779bfe17673ff84aec702d # tag=v0.12.0
with: with:
path: image.root.tree path: image.root.tree
artifact-name: sbom.spdx.json artifact-name: sbom.spdx.json
format: spdx-json format: spdx-json
- uses: anchore/sbom-action@2424de21c44622889b4c7cf9098c0e57648c58bf - uses: anchore/sbom-action@b5042e9d19d8b32849779bfe17673ff84aec702d # tag=v0.12.0
with: with:
path: image.root.tree path: image.root.tree
artifact-name: sbom.cyclonedx.json artifact-name: sbom.cyclonedx.json
format: cyclonedx-json format: cyclonedx-json
- uses: anchore/sbom-action@2424de21c44622889b4c7cf9098c0e57648c58bf - uses: anchore/sbom-action@b5042e9d19d8b32849779bfe17673ff84aec702d # tag=v0.12.0
with: with:
path: image.root.tree path: image.root.tree
artifact-name: sbom.syft.json artifact-name: sbom.syft.json